7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
KAuth provides a convenient, system-integrated way to offload actions that need to be performed as a privileged user (root, for example) to small (hopefully secure) helper utilities.
The KDE libraries, basis of KDE and used by many open source projects.
KAuth and KDELibs contains a logic flaw in which the service invoking D-Bus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.
A local attacker could spoof the identity of the caller invoking D-Bus, possibly resulting in gaining privileges.
There is no known workaround at this time.
All KAuth users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-frameworks/kauth-5.29.0-r1"
All KDELibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-frameworks/kdelibs-4.14.32"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | kde-frameworks/kauth | < 5.29.0-r1 | UNKNOWN |
Gentoo | any | all | kde-frameworks/kdelibs | < 4.14.32 | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%